Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/QeMLef52nWQt8KOiEfy1VRL6VUs.roa
File:                     QeMLef52nWQt8KOiEfy1VRL6VUs.roa (raw, json)
Hash identifier:          vdainM1ktmLgM7J+fssfmYohLW7YHixGUG2XsxGDl88=
Subject key identifier:   41:E3:0B:79:FE:76:9D:64:2D:F0:A3:A2:11:FC:B5:55:12:FA:55:4B
Certificate issuer:       /CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
Certificate serial:       018CC42536630ACABE970A4D1CAC39B8B068
Authority key identifier: 1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/QeMLef52nWQt8KOiEfy1VRL6VUs.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42962
IP address blocks:        185.192.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:36:63:0a:ca:be:97:0a:4d:1c:ac:39:b8:b0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41e30b79fe769d642df0a3a211fcb55512fa554b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ac:a7:2f:73:94:23:b3:b3:f7:df:13:93:39:
                    21:fb:77:21:45:0c:8a:7e:8a:c1:6f:df:b6:de:59:
                    db:d1:b4:7a:c9:28:04:70:e8:51:56:ff:34:8a:8f:
                    d6:21:c2:16:6b:92:7d:ef:d7:d7:e4:4c:27:91:f1:
                    ad:fe:d9:7f:a0:1e:bf:20:b8:92:8d:0f:29:fc:f8:
                    5d:0b:c6:dd:30:c7:3f:80:eb:4f:15:e4:3e:c3:81:
                    99:05:2b:00:43:4e:b7:3f:fe:fb:45:cb:fc:83:21:
                    5c:d1:42:fd:77:dd:94:be:c4:50:63:6a:89:c3:74:
                    9c:43:d3:f6:33:c8:d7:8d:12:1a:4a:5e:d1:bd:1e:
                    44:af:c3:ef:ce:95:5e:de:d7:84:6a:9c:06:55:33:
                    bc:46:99:5e:16:9f:1a:0f:1e:20:23:d7:0f:24:e2:
                    04:a7:63:4f:76:52:ac:c5:4d:71:2c:f0:c7:2d:3c:
                    55:54:4d:4a:c3:45:70:15:6b:83:7e:ac:15:56:03:
                    f1:ea:84:82:eb:10:a1:d5:a2:f0:e2:77:d5:14:99:
                    ae:d8:49:ec:8b:c7:52:18:b0:ad:41:39:bb:39:d0:
                    35:5d:2a:f8:de:d1:db:a6:d8:af:68:07:19:28:8a:
                    d4:bb:42:4a:95:df:fd:52:81:69:a1:4e:88:15:45:
                    47:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E3:0B:79:FE:76:9D:64:2D:F0:A3:A2:11:FC:B5:55:12:FA:55:4B
            X509v3 Authority Key Identifier:
                keyid:1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/QeMLef52nWQt8KOiEfy1VRL6VUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:40:17:f8:b2:81:c8:47:8f:0a:3d:9b:92:93:0d:8c:94:74:
         0c:88:07:76:2b:d3:d2:4e:29:92:f2:d4:05:a3:24:ad:02:46:
         1a:d9:dc:0c:31:f9:26:27:2e:d8:9e:a7:84:42:5c:f3:32:25:
         14:6e:c6:04:0f:41:ea:b1:23:df:93:a5:41:1c:d8:6d:7b:e8:
         c0:22:64:7e:68:fe:bb:2e:b2:a2:9f:e7:a3:5c:72:3f:84:93:
         2e:8e:9f:f5:f1:f7:33:32:b4:7c:f5:98:11:da:4d:44:f2:cf:
         80:8a:5c:44:27:d7:a4:02:2f:2b:97:7b:1b:c9:84:2c:33:24:
         33:9e:d5:d1:7c:f4:0a:35:7e:dc:6c:17:4f:5a:ee:b9:93:7c:
         76:40:20:ce:bc:0f:df:81:32:d4:f3:c7:d3:d8:15:d5:72:13:
         b3:75:0c:2c:07:49:a8:ef:ad:fb:61:c1:e4:89:8b:ae:b9:b1:
         36:e5:3c:40:bf:50:ba:b1:94:14:2e:5a:5b:d7:c6:a6:eb:e4:
         67:ad:87:61:27:09:b4:21:38:dc:6b:92:eb:7c:09:10:3f:41:
         0a:f9:d4:ed:17:b2:df:f7:54:7a:63:f2:f2:9d:c6:33:2f:f9:
         ce:ef:2d:9d:b5:6a:9f:01:2f:1c:98:94:5d:c7:dc:89:00:e3:
         94:6d:55:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTZjCsq+lwpNHKw5uLBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRkMTE1NTQyNDdiZDJiZDMwMWNlYTQzZmY1MTgwMzcy
YzM4ZTQwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUzMGI3OWZlNzY5ZDY0MmRmMGEzYTIxMWZjYjU1NTEyZmE1NTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6ynL3OUI7Oz998Tkzkh+3chRQyK
forBb9+23lnb0bR6ySgEcOhRVv80io/WIcIWa5J979fX5EwnkfGt/tl/oB6/ILiS
jQ8p/PhdC8bdMMc/gOtPFeQ+w4GZBSsAQ063P/77Rcv8gyFc0UL9d92UvsRQY2qJ
w3ScQ9P2M8jXjRIaSl7RvR5Er8PvzpVe3teEapwGVTO8RpleFp8aDx4gI9cPJOIE
p2NPdlKsxU1xLPDHLTxVVE1Kw0VwFWuDfqwVVgPx6oSC6xCh1aLw4nfVFJmu2Ens
i8dSGLCtQTm7OdA1XSr43tHbptivaAcZKIrUu0JKld/9UoFpoU6IFUVHewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHjC3n+dp1kLfCjohH8tVUS+lVLMB8GA1UdIwQY
MBaAFBpN0RVUJHvSvTAc6kP/UYA3LDjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUt
M2JhNWYzMGNhYWJmLzEvUWVNTGVmNTJuV1F0OEtPaUVmeTFWUkw2VlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUtM2JhNWYzMGNhYWJm
LzEvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucA4MA0G
CSqGSIb3DQEBCwUAA4IBAQB6QBf4soHIR48KPZuSkw2MlHQMiAd2K9PSTimS8tQF
oyStAkYa2dwMMfkmJy7YnqeEQlzzMiUUbsYED0HqsSPfk6VBHNhte+jAImR+aP67
LrKin+ejXHI/hJMujp/18fczMrR89ZgR2k1E8s+AilxEJ9ekAi8rl3sbyYQsMyQz
ntXRfPQKNX7cbBdPWu65k3x2QCDOvA/fgTLU88fT2BXVchOzdQwsB0mo7637YcHk
iYuuubE25TxAv1C6sZQULlpb18am6+RnrYdhJwm0ITjca5LrfAkQP0EK+dTtF7Lf
91R6Y/LyncYzL/nO7y2dtWqfAS8cmJRdx9yJAOOUbVX6
-----END CERTIFICATE-----